The CA/Browser Forum has voted (cf. https://groups.google.com/a/groups.cabforum.org/g/servercert-wg/c/9768xgUUfhQ?pli=1) to eventually reduce the maximum validity period for a SSL certificate from 398 days to 47 days by March 2029.
This makes statically pinning a leaf certificate rather challenging. What are the consequences for App Transport Security Identity Pinning as it exists today?
What are the consequences for App Transport Security Identity Pinning as it exists today?
Both NSPinnedCAIdentities and NSPinnedLeafIdentities pin Subject Public Key Info structures, not certificates as whole. As long as the public key doesn’t change when the certificate is re-issued, it’ll have no effect on ATS.
Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
Thanks Quinn; I'll file this under "think first, ask later"
